From ce67394ccb7eaf138330c52f9ec5062698efb8aa Mon Sep 17 00:00:00 2001 From: Michael Scherer Date: Tue, 14 Oct 2014 23:36:21 -0400 Subject: [PATCH] Remove ssl v3, CVE-2014-3566 --- roles/httpd/files/remove_sslv3.conf | 1 + roles/httpd/tasks/main.yml | 1 + 2 files changed, 2 insertions(+) create mode 100644 roles/httpd/files/remove_sslv3.conf diff --git a/roles/httpd/files/remove_sslv3.conf b/roles/httpd/files/remove_sslv3.conf new file mode 100644 index 0000000..0872cbe --- /dev/null +++ b/roles/httpd/files/remove_sslv3.conf @@ -0,0 +1 @@ +SSLProtocol all -SSLv2 -SSLv3 diff --git a/roles/httpd/tasks/main.yml b/roles/httpd/tasks/main.yml index 98d6ade..7dfe89d 100644 --- a/roles/httpd/tasks/main.yml +++ b/roles/httpd/tasks/main.yml @@ -11,6 +11,7 @@ with_items: - name_vhost.conf - mod_filter.conf + - remove_sslv3.conf notify: restart httpd - template: src=vhost.conf dest=/etc/httpd/conf.d/{{ website_url }}.conf owner=root group=apache mode=0644 -- 1.8.3.1